Export limit exceeded: 364535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364535 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30689 | 1 Anjoy8 | 1 Blog.admin | 2026-07-10 | 4.3 Medium |
| In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service. | ||||
| CVE-2026-21039 | 1 Samsung | 1 Mobile Devices | 2026-07-10 | N/A |
| Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. | ||||
| CVE-2026-21040 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs. | ||||
| CVE-2026-21042 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2026-21043 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege. | ||||
| CVE-2026-21044 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application. | ||||
| CVE-2026-21045 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | ||||
| CVE-2026-21046 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code. | ||||
| CVE-2026-21049 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2026-21050 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2026-21051 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | ||||
| CVE-2026-21052 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-10 | N/A |
| Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. | ||||
| CVE-2026-21054 | 1 Samsung Mobile | 1 Inputsharing | 2026-07-10 | N/A |
| Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | ||||
| CVE-2026-21056 | 1 Samsung Mobile | 1 Samsung Health | 2026-07-10 | N/A |
| Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. | ||||
| CVE-2026-21057 | 1 Samsung Mobile | 1 Samsung Pass | 2026-07-10 | N/A |
| Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2026-12685 | 2026-07-10 | N/A | ||
| The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server. | ||||
| CVE-2026-14475 | 2 Wordpress, Wplegalpages | 2 Wordpress, Cookie Banner For Gdpr / Ccpa – Wplp Cookie Consent | 2026-07-10 | 4.9 Medium |
| The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-0128 | 1 Google | 1 Android | 2026-07-10 | 3.5 Low |
| In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-15028 | 1 Redhat | 3 Enterprise Linux, Hummingbird, Openshift | 2026-07-10 | 3.9 Low |
| A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system. | ||||
| CVE-2026-54468 | 2026-07-10 | 6.5 Medium | ||
| Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. | ||||